NIST Cybersecurity Framework Overview

Key Points

  • The U.S. NIST Cybersecurity Framework (CSF) provides a structured approach—Identify, Protect, Detect, Respond, Recover—with a new Governance layer added in version 2.0 to guide organizations in aligning security with business objectives.
  • Governance requires understanding the organization’s mission, risk tolerance, role responsibilities, and developing policies and procedures, with risk assessment recommended as the starting point.
  • The Identify function focuses on cataloguing assets—data, hardware, software, and identities—and employing tools for dynamic discovery and classification of sensitive information.
  • Risk analysis within Identify includes assessing the attack surface and conducting vulnerability assessments to pinpoint where adversaries could gain access.
  • Effective governance, asset identification, and attack‑surface management together form the foundation for building a comprehensive, risk‑driven cybersecurity program.

Full Transcript

Source: https://www.youtube.com/watch?v=Ula3TG8QS7g
Duration: 00:08:28
Here's an understatement for you: cybersecurity is really hard. It feels like there's millions of moving parts. How do you know if you've got all the bases covered? Well, the good news is the US National Institute of Standards, also known as NIST, created a cybersecurity framework that will give you a general idea of whether you've done all the right things or not. This is something you can use to build your cybersecurity program with, and in the first version of this it included categories like identify, protect, detect, respond and recover, and in the 2.0 version, which is about to come out, they added another layer, the governance layer. So let's take a look.

So the cybersecurity framework is really expansive. I'm not going to have time to cover the whole thing, but I'm going to hit just a few of the high points to give you a general idea of what it's about. Let's take a look at this first one, the governance layer that was recently added. In this one it says we need to take a look at our organizational context: understand what's the mission of the organization, what are the goals, what is it we're trying to achieve. Then we take a look at risk. This is a big one also. You need to understand what is the organization's tolerance for risk, or their appetite for risk. How much do you want to take on? How much are you going to be risk averse? Because that's going to affect a lot of other things. We need to figure out who is responsible for doing what; there are various roles that people will have in this organization. And then ultimately develop policies and procedures that will correspond to this. A lot of organizations start with developing policies, and I'm going to suggest they should start with the risk, because understanding your risk will affect all of these other things.

Now we've set the stage with the big picture of governance. Now let's identify what it is that we need to protect. What are we going to identify? We're going to identify assets that need to be protected. What are the assets that we're going to try to protect? Well, it's going to be things like data, it's going to be hardware, it's going to be software, it's going to be people. Think about that in terms of identities, not the actual individuals themselves; that's a different subject. But these are the things we have to take a look at. So then I need a capability that helps me identify what all of those things are and tracks those assets, in some cases to do dynamic discovery of data and classifying it so that I know where the sensitive stuff is. Then we also need to identify what some of the risks are. We call that risk analysis, and in a risk analysis one of the things we'll take a look at is the idea of attack surface management and vulnerability analysis. These are a couple of things that we have to do. The attack surface, that's the whole area where the bad guy could potentially get to us. We need to make sure that we know what all of those open switches might be so that we can close them, and we need to find out where the vulnerabilities exist.

Now, how do we protect these things? Well, remember our old friend, if you've seen some of my other videos where I talk about the CIA triad, that deals with confidentiality, integrity and availability. These are the hallmarks of what we're trying to do to protect things in a cybersecurity environment. I want to make sure that sensitive stuff is only available to the people that are supposed to have it (it's confidential), that it can't be tampered with (it has integrity), and that it's available to the people that need it. So that's our goal. Well, what kind of things can we put in place to do that? Well, we're going to use things like cryptography, because in encrypting information we make it so that other people can't see it. If they just happen to be on our network, then they won't be able to see the sensitive information, or if it's in a database, that is data at rest, then it will not be easily seen. Other things we're going to add are identity and access management capabilities, like multifactor authentication so that I really know it's you when you go to log into the system. I'm going to use other things like passkeys that make the system even more secure than a password would. And then I'm going to also make sure that I have a good backup recovery system. In particular on the protect side we're going to talk about backup: the data at some point could be compromised, and I need to make sure that I have a good backup.

Now the cybersecurity framework says we need a category to deal with detection of threats, things where we tried to protect but it might have failed. So I need a monitoring capability, and with that monitor I need to be able to figure out if I have adverse events, so I need to be able to analyze those things. Now what kind of tools would I need in place to do that kind of stuff? Well, one thing that would help is an endpoint detection and response capability that goes on my individual workstations and tells me if I've got malware or other types of bad behaviors; a network detection and response capability that lets me know if anomalies are happening at the network layer; a threat intelligence feed that tells me what kinds of things are happening in the wider environment, maybe even outside of our own network, what kinds of threats should we be looking for; and the attack surface management capability that I mentioned previously. That's something that I'd like to also take into account, because that's where the guys are trying to attack. Well, that's a whole bunch of tools, so what I really want is something called a security information and event management system that actually coordinates and takes information from all of these different systems, correlates, aggregates and allows me to do that level of analysis.

We detected an adverse event with our security information and event management system, and now we need to go further and figure out what we need to do with this. We open an incident. We have a system that has cases, and we need a management system that tracks those so that I can assign a case to an individual person. I can gather all the information that relates to that case and pass it off to them: the indicators of compromise, the things that I've discovered while I was doing my own analysis of this. So I'm going to need to analyze this particular case, and then ultimately I need a capability to do mitigation. So I want to be able to have something that allows me to know what I do once I have found that this is a problem and I know it's a problem. So we have these things called dynamic playbooks that help us do that. Dynamic playbooks lead you through the steps that you need to do to do resolution. All of these technologies together we refer to as security orchestration, automation and response, SOAR for short.

Remember that backup I told you to take over here in the protect stage? Well, we're going to now need that, because now I want to restore. If the outage I just had caused me to lose data, then I need to be able to get that data back. But just bringing it back may not be enough. I also need to verify that the data is in fact secure, that it hasn't been changed, that it maintains integrity, for instance. And then depending on the type of outage it might have been, there may be some communications that have to happen. I may need to notify certain organizations within my company. I may also have to notify, if this was a data breach, the consumers who were affected by this. So look at what the regulatory compliance aspects of all of these things are that you're responsible for, and by the way, those would be covered here under the organizational context and should also be included in your policies.

So now you see how you can bring all of these pieces together. As you can see, there's a lot that goes into building a cybersecurity program and getting it all right. The good news is the National Institute of Standards created a cybersecurity framework that you can use as the basis for your own security program. I can't cover all the things that go into that, but I've tried to hit some of the highlights here. The good news again: if you use this, then you'll know if you've checked all the boxes, and if you haven't, well, the bad guys are going to let you know, and you're really not going to like the way they tell you. Thanks for watching. If you found this video interesting and would like to learn more about cybersecurity, please remember to hit like and subscribe to this channel.